Re: SELinux question

Paul Howarth wrote:
On Sun, 2006-05-28 at 17:13 +0200, Zoltan Boszormenyi wrote:
Hi,

answering to myself. :-)

Zoltan Boszormenyi wrote:
So, how can I fix the current situation and include /home1/pgsql in
the postgresql context/domain? I would like to relabel it to recover the context...

BTW the same principle would apply if one would like to create
another tablespace for postgresql under another mount point...
After some more RTFM, it would seem simple:

semanage fcontext -a -t postgresql_db_t '/home1/pgsql/data(/.*)?'
semanage fcontext -a -t postgresql_log_t '/home1/pgsql/pgstartup.log'
fixfiles relabel /home1/pgsql

But it was not enough. Starting it with "service postgresql start" fails.
I had to modify the rc script, too. I had to replace /var/lib/pgsql with
/home1/pgsql everywhere despite the /var/lib/pgsql -> /home1/pgsql symlink.

This will be failing because SELinux is blocking access to reading the
symlink. You should find an avc denial for the lnk_file in your logs.

I haven't found any. :-(
Can this difference below cause the problem?

[root@localhost log]# ls -d --scontext /var/lib/pgsql
user_u:object_r:var_lib_t        /var/lib/pgsql -> /home1/pgsql
[root@localhost log]# ls -d --scontext /var/lib/pgsql/
system_u:object_r:default_t      /var/lib/pgsql/

Adding /home1/pgsql with var_lib_t context didn't make any difference, though.

But this is enough for adding another tablespace under e.g. /home1/pgsql2:

mkdir -p /home1/pgsql2/data
chown -R postgres.postgres /home1/pgsql2
semanage fcontext -a -t postgresql_db_t '/home1/pgsql2/data(/.*)?'
fixfiles relabel /home1/pgsql2

An easier way is to bind mount /home/pgsql on /var/lib/pgsql etc. and do
a restorecon -R on the "new" /var/lib/pgsql. That achieves the same
effect without the symlink.

I know, but the disk I install will be (or already is) used for both my databases
and for extending /home. I created only one partition on that disk, so...
The system is my home/devel machine and the disk is SATA and fast enough.
Although for a high performance production machine, I would always give
PostgreSQL its own disks to separate WAL, table and index spaces.

Best regards,
Zoltán Böszörményi
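
The log check discussed in this thread (looking for an avc denial on the lnk_file), as an added example that is not part of the original messages: a small parser that pulls AVC denials out of log lines and keeps those whose target class is lnk_file. The sample log lines, the postmaster process name and the postgresql_t domain in them are constructed for illustration.

```python
import re
from collections import namedtuple
Denial = namedtuple("Denial", "perms comm name scontext tcontext tclass")

# "avc: denied" reads the same via auditd (type=AVC ...) or syslog (kernel: audit(...)).
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a Denial for an AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    return Denial(tuple(m.group("perms").split()), f.get("comm", ""),
                  f.get("name", ""), f.get("scontext", ""),
                  f.get("tcontext", ""), f.get("tclass", ""))

def symlink_denials(lines, name=None):
    """Denials whose target class is lnk_file, optionally for one link name."""
    hits = []
    for line in lines:
        d = parse_avc(line)
        if d and d.tclass == "lnk_file" and name in (None, d.name):
            hits.append(d)
    return hits

def type_of(context):
    """Type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

# Constructed sample lines (not taken from the thread's logs).
SAMPLE_LOG = [
    'type=AVC msg=audit(1148829180.123:45): avc:  denied  { read } for  pid=2345 '
    'comm="postmaster" name="pgsql" dev=sda2 ino=12345 '
    'scontext=user_u:system_r:postgresql_t tcontext=user_u:object_r:var_lib_t '
    'tclass=lnk_file',
    'May 28 17:20:01 localhost kernel: audit(1148829601.456:46): avc:  denied  '
    '{ search } for  pid=2345 comm="postmaster" name="pgsql" dev=sdb1 ino=2 '
    'scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:default_t '
    'tclass=dir',
    'May 28 17:20:02 localhost postgresql: Starting postgresql service: failed',
]

if __name__ == "__main__":
    for d in symlink_denials(SAMPLE_LOG, name="pgsql"):
        print(f"{d.comm} ({type_of(d.scontext)}) denied {' '.join(d.perms)} "
              f"on symlink {d.name!r} labelled {type_of(d.tcontext)}")
```

To use it on a real system, pass it the lines of /var/log/audit/audit.log when auditd is running, or of /var/log/messages when it is not.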
